ioc[.]one - OSINT Cyber Threat Intelligence Database

Phishing Campaign uses Hijacked Emails to Send URSNIF

Tags

country:	Canada France Laos
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Direct Botnet - T1583.005 Botnet - T1584.005 Credentials - T1589.001 Email Accounts - T1585.002 Email Accounts - T1586.002 Email Addresses - T1589.002 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Network Devices - T1584.008 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	0ae62bf3-ac94-40ca-b92e-1f6afe7e5780
Fingerprint	2c4c895b8931fecd
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 9, 2018, midnight
Added to db	Oct. 15, 2024, 7:10 p.m.
Last updated	Nov. 17, 2024, 6:49 p.m.
Headline	Phishing Campaign uses Hijacked Emails to Send URSNIF
Title	Phishing Campaign uses Hijacked Emails to Send URSNIF
Detected Hints/Tags/Attributes	87/3/66

Source URLs

	Redirection	Url
Details	Source	https://www.trendmicro.com/en_gb/research/18/j/phishing-campaign-uses-hijacked-emails-to-deliver-ursnif-by-replying-to-ongoing-threads.html

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com

Attributes

Details	Type	#Events	Value
Details	Domain	2	rrcs-50-74-218-2.nyc.biz.rr.com
Details	Domain	2	sender.co.ca
Details	Domain	2	t95dfesc2mo5jr.com
Details	Domain	2	enduuyyhgeetyasd.com
Details	Domain	3	q0fpkblizxfe1l.com
Details	Domain	2	2dhtsif1a8jhyb.com
Details	Domain	2	yrtw1djmj6eth7.com
Details	Domain	2	popoasdzxcqe.com
Details	Domain	2	e3u1oz4an1dqmj.com
Details	Domain	2	hbhbasdqweb.com
Details	Domain	2	app.kartop.at
Details	Domain	2	doc.dicin.at
Details	Domain	2	doc.avitoon.at
Details	Domain	2	app.avitoon.at
Details	Domain	2	ops.twidix.at
Details	Domain	2	xx.go10og.at
Details	Domain	2	api.kartop.at
Details	Domain	2	m1.fofon.at
Details	Domain	2	cdn.kartop.at
Details	Domain	2	api.tylron.at
Details	Domain	2	chat.twidix.at
Details	Domain	2	api.kaonok.at
Details	Domain	2	chat.jimden.at
Details	Domain	2	mahono.cn
Details	File	2	opanskot.php
Details	File	2	jzk+'.exe
Details	File	1260	explorer.exe
Details	sha256	2	bdd3f03fb074c55cf46d91963313966ce26afdb13b1444258f8f9e7e723d8395
Details	sha256	2	dd7b4fc4d5cc1c1e25c800d5622423725a1b29000f93b658a54e267bbbe6f528
Details	sha256	2	4df47982fdd1ac336625600fa8c947d45909248309b117d05fc532a2260c7bc4
Details	sha256	3	f88ef62f2342f4d1105cfe85395b735efd3f0308b79551944983ce245d425510
Details	sha256	3	567fe3794a9eec27697ae0634861d284279261880887f60a7374c6cbe63b7674
Details	sha256	2	52d3ece98b6b3b686925156c3d62d8ce133fe3326e11b4c981c251452e4a41d2
Details	sha256	2	4d0762a6b2879d2fa821716db76bc980fdb3b8507611d2853df58c0d4127f9ea
Details	sha256	2	47e2c66ba16e3ffa9704a13f2c00670319bf292b3d2aa7deede5442da02181e5
Details	sha256	2	c2c946f7fd63fc15048a9af4043686f5a56b169e74cb36892fb8d1563b810467
Details	sha256	2	21ce42a1fc6631ed10db3d0e44b4ccb6d96a729fc494bd86a57cf07ff72cb8f2
Details	sha256	2	de8f8f39259992886da3b07635cbf121027379e5c1a156a32c6c6e5ace3cc4c3
Details	sha256	2	6b387b8534da9cc7cf0af4f2fb8c2a92f9316c0ea6ffb9cfe49b09b4c3df9778
Details	sha256	2	6bf99f4b17a07e788219333d96a7a19c9eddc1b49d16c2a21da255a6a16c80d5
Details	sha256	3	33d078881456e3b930c480803902fa28142b17c8550f3932e7cf4a1df0eb9213
Details	sha256	2	6ca2d4dcea456b9d4c87f211ed20bb32f71a0c78ee8059b934162e643d66e0c9
Details	sha256	2	82bee0c249b63f349d212a36f0b9ad90f909017ac734eac133353a1135d7474d
Details	sha256	2	1f2e12a58cc23f4e6e7f17b8c1a5c50b88614fda103577354b9564f2dffc257f
Details	sha256	2	1db71aec64d0e391a8c99f4f6ee214962a281733643ace0874cf69e2843f448c
Details	sha256	2	c33d642da477f65c11daa9e8098b9917c4c5a6f131dd1369a20cb1b14c4cc261
Details	sha256	2	398e677290b1db00d8751c3498847ad9c7d10721630175d2506c4d45af19d229
Details	sha256	2	813a08d3b2216c89d42e8225c6de760d785905d1c76bd7428201d68c3c368f65
Details	sha256	2	5aed7d6a3e8692143e53f9556cd3aa371149c96b91c02d1c659cb58d88572e47
Details	sha256	2	0a38d92775cfc7182076d9a21c4937149ea8be6ebf22b9530afbca57d69c0d46
Details	sha256	2	358bd52ac46755b1c6fa73805a7a355450f85f4bcf1b2e798a04960743390422
Details	sha256	2	e8633f2f2b6b0b8f7348b4660e325ab25b87ec8faa40fb49eb0215b31bd276aa
Details	sha256	2	f92ba10fe245c00575ae8031d4c721fe0ebb0820a4f45f3bbce02654a6e7f18d
Details	Url	2	http://t95dfesc2mo5jr.com/rtt/opanskot.php?l=targa2.tkn
Details	Url	2	http://enduuyyhgeetyasd.com/rtt/opanskot.php?l=omg8.tkn
Details	Url	2	http://q0fpkblizxfe1l.com/rtt/opanskot.php?l=targa4.tkn
Details	Url	2	http://2dhtsif1a8jhyb.com/rtt/opanskot.php?l=okb1.tkn
Details	Url	2	http://yrtw1djmj6eth7.com/rtt/opanskot.php?l=okb7.tkn
Details	Url	2	http://popoasdzxcqe.com/yuy/huonasdh.php?l=rgr7.tkn
Details	Url	2	http://q0fpkblizxfe1l.com/rtt/opanskot.php?l=targa2.tkn
Details	Url	2	http://e3u1oz4an1dqmj.com/rtt/opanskot.php?l=okb9.tkn
Details	Url	2	http://popoasdzxcqe.com/yuy/huonasdh.php?l=rgr3.tkn
Details	Url	2	http://2dhtsif1a8jhyb.com/rtt/opanskot.php?l=okb5.tkn
Details	Url	2	http://hbhbasdqweb.com/yuy/huonasdh.php?l=rgr4.tkn
Details	Windows Registry Key	2	HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3A861D62-51E0-15700F2219A4
Details	Windows Registry Key	3	HKCU\Software\AppDataLow\Software\Microsoft